Uriel is a technology aficionado. He enjoys programming computers and playing video games.
Second factor authentication which is also known as Two-factor authentication (2FA) method is a two-step verification security process where the user can provide two different factors of authentication for the purpose of verifying themselves for an improved protection of the resources and the credentials of the user.
This method of two-factor authentication is improved than single-factor authentication, as it provides better security. Usually, the single-factor authentication method depends on only a passcode or password but the two-factor authentication method depends on a password as well as on a second factor which can be a facial scan or fingerprint.
The two-factor authentication is used for online banking, online shopping, email, cloud storage accounts, social network accounts, productivity apps, password managers, and communication apps. The websites and the network services that are using the two-factor authentication method are Google, Facebook, Twitter, Apple, Microsoft, Yahoo, Evernote, Dropbox, LinkedIn, Tumblr, PayPal, and eBay.
The two-factor authentication is a helpful process that prevents your account from hackers. This verification process makes it tough for hackers to break into your account for stealing any kind of information or money.
Concept of two factor authentication
In today’s era, security is one of the major issues faced by governmental applications, banks, educational institutions, military organizations, and the common people. Therefore, the government is taking various laws and standards related to security so that confidential information does not get leaked. One of the weak links that are identified in security is the password.
As stated by Chaudhry et al (2015), the password is one of the common things that are used in the present world, but there are several issues related to passwords.
Often, users create a weak password so that they do not have to remember the difficult passwords. Nowadays, most systems depend on static passwords for the verification of the identity of the users. These passwords come with major security issues as the hackers can easily steal those passwords by using techniques such as snooping, shoulder surfing, guessing, or sniffing.
In today’s world, the authentication factors that exist are something known, something possessed, and something inherent.
As stated by Jiang et al (2017), examples of “something known” are a password, secret key, pin, or private key. Examples of “something possessed” are debit cards, smart cards, credit cards, driver’s licences, passports, and identification cards. Examples of “something inherent” are facial recognition and fingerprints. Therefore, the two-factor authentication method can be stated as the strongest method for the protection of information and accounts.
The process of authentication that is required to access the login accounts, online newspaper websites, online ticketing, and social networking accounts are done with the help of a Graphical password or Alpha Numeric Password. Another improved version of authentication that is now available is Biometric Authentication which comprises iris recognition, fingerprint, and heart beat.
One of the major disadvantages of the OTP system is that the users have to carry the device with them all the time to get the OTP.
The two-factor authentication method is normally user-friendly in nature, as it requires the two passwords to be stored in its system. As stated by Jiang et al (2015), the integrity, privacy, and availability of the information are the main concern of computer security and this can be achieved by using the two-factor authentication method.
As stated by Nam et al (2015), human beings often have the tendency to create easy passwords which are prone to hacking and therefore the two-factor authentication method which is done with the help of biometrics can provide extra security to the accounts. As stated by Xie et al (2016), this two-factor authentication method simply confirms the identification after getting the double verification.
It is gathered from the various reports that biometric authentication is expensive in nature and has some privacy issues. Therefore, the One Time Password (OTP) system is a more effective two-factor authentication system.
According to the experts, the two-factor authentication method can surely lessen online extortion and online fraud. This authentication system is mainly used by the banking industry, and this can be added without replacing the whole system, as only an additional layer is required for the protection of the information.
Usage of two factor authentication by the social networking sites
Facebook – Facebook has over 1.11 billion users and is considered the most visited social networking platform. According to the studies, it was gathered that nearly 51 percent of the users visited the site once a month. As stated by Dmitrienko et al (2014), due to the high traffic, the two-factor authentication method is used by this website for maintaining the security of the users.
Youtube – This social networking platform allows the users to upload different types of videos and therefore a necessary two-factor authentication is a must for the security of the users.
Google + - From the reports, it is gathered that Google + has more than 343 million users and the activity on this site is on a regular basis. Therefore, security is a must for this website, and for that purpose, the two-factor authentication method is used in this website for the security of the users.
Risks of single factor authentication
Depends on the defense of the password
It is due to the static password that the issue related to security occurs. Passwords often do not have the capability to restrict unauthorized access, as it is the one and only defense of the security system. In this authentication system, the user is allowed to enter an email or username with a secure password and the system makes the verification accordingly.
If the username and password match then the user is allowed to enter the system. As stated by Giobbi et al (2017), in social networking platforms, the passwords of the user are stored in the database in an encrypted form.
In the single-factor authentication method, the majority of the users make weak passwords and this can be the reason for the information leak. In other scenarios, the users make the mistake of writing down their passwords in a safe location, and sometimes the password gets leaked.
Nowadays, users manage multiple social networking accounts, and it is a common tendency that the same username is used by the user in all the accounts and this can be a very serious security issue. The hacker can easily access the accounts of the user if one account is hacked.
Chances of Phishing Attacks
A phishing attack is a kind of attack technique used by hackers to lure their victims by sending them emails and by posting URLs on their social media networks. As stated by Konoth et al (2016), the users are convinced to enter the fake websites created by the hackers so that their private and sensitive information is collected. The users are fooled by creating fake websites that look almost like the real ones.
Vulnerability to Phishing attacks
According to the facts, it is gathered that the degree of vulnerability of information decides the level of security that is required for the protection of the information. As stated by Shah et al (2015), it can be explained by the example of medical records of the patients as they are both vulnerable and sensitive. Unauthorized access is strictly prohibited by the medical terms and policies.
Another example of this is the device that is connected to the Internet and accessed by many users. In this case, the information of the users can be very easily traced by the hackers and this can involve loss of information.
As the single-factor authentication method uses only a username and password, it is easily accessible by hackers. For avoiding such circumstances, the two-factor authentication method is used which provides a double barrier for the users.
Risk mitigation by the two factor authentication method
It is common nature of users that they write down their passwords instead of remembering them. This writing down of passwords makes them vulnerable to hackers as they can easily get the necessary information. As stated by Cunningham et al (2015), the two-factor authentication method provides an exceptional solution to this by generating a unique OTP for every log-in attempt or transaction. With this authentication method, the user does not have to worry about information leak as the second line of defense which is the OTP provides a strong even if the password is compromised.
Reduction of data theft
The issue of identity theft has become a major problem for users in recent years. ID theft is a very serious issue as it can cause serious harm to users. A hacker can easily use your account and can make huge transactions that can be a burden for you. Therefore, the two-factor authentication method is used for reducing cyber crimes like identity theft, phishing, and hacking. In the banking system, it is used for the security of the users as it involves the transaction of money.
This is particularly important in the case of an online transaction, as the customers use their debit cards and credit for various transactions. As stated by Siadati et al (2017), the customers should activate this two-factor authentication method and after the authentication, the 3D secured payment gateway asks for the OTP for the completion of the transaction. This OTP is secured and is sent only to the registered user.
Increased productivity and flexibility
Different users are allowed access to log in to a database by the use of the two-factor authentication method. With the use of this authentication method, the users can access the server of their company with their mobiles, hard tokens, and USB tokens. With the help of this authentication method, the employees of many companies are allowed to work from remote areas.
The productivity level increases as the employees are allowed to have access to the systems of the companies. One of the most famous security solutions that is available today is SSL VPN
Reduction of operational costs
With the help of the two-factor authentication method, many companies are able to lower their operational costs. The employees are able to access the servers, databases, and web portals of the company securely from their personal devices with the help of a two-factor authentication method. For this, they just need to install the OTP generation software on their mobiles. With the help of this software, OTP is generated and synced with the company server.
We can conclude that password is one of the common things that are used in the present world, but there are several issues related to password. These passwords come with major security issues as the hackers can easily steal those passwords by using techniques such as snooping, shoulder surfing, guessing, or sniffing.
The improved version of authentication that is now available is Biometric Authentication which comprises iris recognition, fingerprint, and heart beat.
The One Time Password (OTP) system is a more effective two-factor authentication system. According to the experts, the two-factor authentication method can surely lessen online extortion and online fraud.
Due to the high traffic on Facebook, the two-factor authentication method is used by this website for maintaining the security of the users. In the single-factor authentication method, the majority of the users make weak passwords and this can be the reason for the information leak. A phishing attack is a kind of attack technique used by hackers to lure their victims by sending them emails and by posting URLs in their social media networks.
The two-factor authentication method provides an exceptional solution to this by generating a unique OTP for every log-in attempt or transaction. Different users are allowed access to log in to a database by the use of the two-factor authentication method.
This content is accurate and true to the best of the author’s knowledge and is not meant to substitute for formal and individualized advice from a qualified professional.
© 2022 Uriel Kushiel